Cybersecurity experts and former government leaders are stunned by how poorly the Secret Service and the Department of Homeland Security handled the preservation of officials’ text messages and other data from around Jan. 6, 2021, saying the top agencies entrusted with fighting cybercrime should never have bungled the simple task of backing up agents’ phones.
Experts are divided over whether the disappearance of phone data from around the time of the insurrection is a sign of incompetence, an intentional coverup, or some murkier middle ground. But the failure has raised suspicions about the disposition of records that could provide intimate details about what happened on that chaotic day, and whose preservation was mandated by federal law.
“This was the most singularly stressful day for the Secret Service since the attempted assassination of [Ronald] Reagan,” said Paul Rosenzweig, a senior policy official at the Department of Homeland Security during the George W. Bush administration who’s now a cybersecurity consultant in Washington. “Why apparently was there no interest in preserving records for the purposes of doing an after-action review? It’s like we have a 9/11 attack and air traffic control wipes its records.”
Rosenzweig said he polled 11 of his friends with cybersecurity backgrounds, including information-security chiefs at federal agencies, on whether any of them had ever done a migration without a plan for backing up data and restoring it. None of them had. “There’s a relatively high degree of skepticism about [the Secret Service] in the group,” he said.
The Secret Service said it began deleting data from officials’ phones in the same month as the Capitol siege, when their agents were among the closest eyewitnesses both to former president Trump, now under criminal investigation for his push to overturn the election, and to former vice president Pence, who’d narrowly escaped the mob.
The agency said that the deletions were part of a preplanned “system migration,” that agents had been instructed to back up their own phones, and that any “insinuation” of malicious intent is wrong.
But tech experts said such a migration is a task that smaller organizations routinely accomplish without error. The agency also went through with its reset of the phones more than a week after Jan. 16, 2021, when House committees told officials at DHS to hand over all relevant “documents or materials” as part of their investigations into the deadly assault.
The error likely means that the information, which could reveal details critical to the Jan. 6 committee’s ongoing investigation, may be extremely challenging if not impossible to retrieve. Some of the data may remain on the phones, even after deletion, but with options for unlocking it that are slim to none.
If the Secret Service had truly wanted to preserve agents’ messages, experts said, it should have been almost trivially easy to do so. Backups and exports are a basic feature of nearly every messaging service, and federal law requires such records to be safeguarded and submitted to the National Archives.
Several experts were critical of the Secret Service’s explanation that it had asked agents to upload their own phone data to an agency drive before their phones were wiped. Cybersecurity professionals said that policy was “highly unusual,” “ludicrous,” a “failure of management” and “not something any other organization would ever do.”
The error is especially notable because of the Secret Service’s vaunted role in the federal bureaucracy. Besides protecting America’s most powerful people, the agency leads some of the government’s most technically sophisticated investigations of financial fraud, ransomware and cybercrime.
“Telling people to back up their stuff individually just sounds crazy,” said one technology chief interviewed by The Post, who asked to remain anonymous because he was discussing sensitive information security practices. “This is why you have IT people. Why not tell people to go buy their own ammunition?”
On Thursday, The Washington Post revealed that phone records from Trump’s acting Homeland Security Secretary Chad Wolf and acting deputy secretary Ken Cuccinelli in the days leading up to the Capitol riots also apparently vanished due to what internal emails suggested was a “reset” of their phones after they left their jobs in January 2021. Wolf has said he gave his phone to DHS officials with all data intact, and the reset appears to have been separate from the Secret Service’s migration.
Some experts said they could see how such errors were possible. Both the DHS and Secret Service are known for a culture of secrecy, a disdain for oversight and a preference for operational security above all else. Among the potential technical complications, these experts said, was the fact that DHS and Secret Service personnel can use iPhones and Apple’s iMessage for communications, which encrypts texts and stores them on the phone.
But several experts said they could not understand why the agencies had not worked more aggressively to safeguard phone records after Jan. 6 — not only because they were legally required to, but because the information could have helped them scrutinize how they had performed during an attack on the heart of American democracy.
In a letter to the House select committee investigating the insurrection, Secret Service officials said they began planning in the fall of 2020 to move all devices onto Microsoft Intune, a “mobile device management” service, known as an MDM, that companies and other organizations can use to centrally manage their computers and phones.
The agency said it told its personnel on Jan. 25 to back up their phones’ data onto an internal drive, including offering a “step-by-step” guide, but that employees were ultimately “responsible for appropriately preserving government records that may be created via text messaging.” The Secret Service said agents were told that enrolling their devices in the new system, via a “self-install,” was mandatory, though it was not clear that actually performing the backup was.
The migration, the agency said, began two days later, on Jan. 27 — 11 days after the committee had first instructed DHS officials to preserve their records. Some experts questioned why, even if the process had been preplanned, the agency did not pause the migration or assume a more direct role in preserving agents' data during that 11-day span.